The data protection act exists to provide protection for people's personal information and to allow others to use personal information when they need to in accordance with set statutory principles. It was passed in 1998 and came into force in 2000. The Data protection Act of 1998 sets out rules for processing personal information, and it applies tosome paper records as well as those held on computer. The Act givesindividuals certain rights, and imposes obligations on those who recordand use personal information to be open about how information is usedand to follow eight data protection principles:
Personal data must be processed following these principles so that data are:
processed fairly and lawfully
obtained for specified and lawful purposes
adequate, relevant and not excessive
accurate and, where necessary, kept up-to-date
not kept for longer than necessary
processed in accordance with the subject's rights
kept secure
not transferred abroad without adequate protection
Personal data must be processed following these principles so that data are: